JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.94.12.238

154.94.12.238 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 0%: ?

ISP	Xiapu County Yangyao Clothing Business Department
Usage Type	Data Center/Web Hosting/Transit
ASN	AS20326
Domain Name	cloudinnovation.org
Country	🇺🇸 United States of America
City	Newark, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.94.12.238

Whois 154.94.12.238

IP Abuse Reports for 154.94.12.238:

This IP address has been reported a total of 26 times from 11 distinct sources. 154.94.12.238 was first reported on October 16th 2024, and the most recent report was 9 months ago.

Old Reports: The most recent abuse report for this IP address is from 9 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Gabriel Camargo	2025-09-18 23:30:42 (9 months ago)	154.94.12.238 - - [18/Sep/2025:18:30:38 -0500] "GET /wp-json/wp/v2/users HTTP/1.1" 301 178 "https:// ... show more 154.94.12.238 - - [18/Sep/2025:18:30:38 -0500] "GET /wp-json/wp/v2/users HTTP/1.1" 301 178 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 154.94.12.238 - - [18/Sep/2025:18:30:40 -0500] "GET /?author=1 HTTP/1.1" 301 178 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" 154.94.12.238 - - [18/Sep/2025:18:30:42 -0500] "GET /app/e2portal HTTP/1.1" 301 178 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" ... show less	Brute-Force SSH
🇮🇩 BPS-StatisticsIndonesia	2025-09-14 01:03:05 (9 months ago)	WP Login Scan Activities	Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2025-09-12 15:27:02 (9 months ago)	WP Login Scan Activities	Web App Attack
🇺🇸 TPI-Abuse	2025-09-11 19:57:23 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 154.94.12.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 154.94.12.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 11 15:57:19.196160 2025] [security2:error] [pid 15555:tid 15555] [client 154.94.12.238:17695] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.hteca.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.hteca.com"] [uri "/s3cmd.ini"] [unique_id "aMMpn442LOujkR2IpMP0GAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-09-08 12:31:13 (9 months ago)	HTTPS vulnerability scan attempt detected. Port 443.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-09-06 10:49:17 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 154.94.12.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 154.94.12.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 06 06:49:11.485768 2025] [security2:error] [pid 26703:tid 26703] [client 154.94.12.238:24355] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.digi-estudio.com"] [uri "/config.php%7C/.env%7Csettings.py"] [unique_id "aLwRp_4Y3lsQ8gRiMNw50QAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-01 00:38:14 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 154.94.12.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 154.94.12.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 31 20:38:06.284051 2025] [security2:error] [pid 27820:tid 27841] [client 154.94.12.238:24289] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.coloradospringsmohs.aafm.us\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.coloradospringsmohs.aafm.us"] [uri "/s3cmd.ini"] [unique_id "aLTq7ghFVyk3cM0kS41U6wAAAUs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-31 23:13:05 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 154.94.12.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 154.94.12.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 31 19:12:59.801245 2025] [security2:error] [pid 13422:tid 13422] [client 154.94.12.238:55541] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.davehalverson.com.trancelucid.com"] [uri "/config.php%7C/.env%7Csettings.py"] [unique_id "aLTW-0ZVcKxHNBS5ejk6-AAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2025-08-29 05:54:16 (9 months ago)	WP Login Scan Activities	Web App Attack
Anonymous	2025-08-23 15:58:22 (9 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇮🇩 BPS-StatisticsIndonesia	2025-08-17 16:57:47 (10 months ago)	WP Login Scan Activities	Web App Attack
Anonymous	2025-08-14 15:36:19 (10 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇪 Packets-Decreaser.NET	2025-03-26 14:01:25 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-03-24 15:57:03 (1 year ago)	(mod_security) mod_security (id:225170) triggered by 154.94.12.238 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 154.94.12.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 24 11:56:58.891884 2025] [security2:error] [pid 19725:tid 19725] [client 154.94.12.238:41289] [client 154.94.12.238] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|thehomedaleinn.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "thehomedaleinn.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z-GAymhxXZhqSgUgpzT5xwAAAAg"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-03-24 01:05:45 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 85.217.140.20

🇲🇽 195.250.28.89

🇧🇬 91.148.190.150

🇨🇳 58.19.76.68

🇫🇷 51.178.111.226

🇳🇱 45.148.10.152

🇺🇸 44.160.38.166

🇬🇧 31.3.241.131

🇮🇹 151.75.25.169

🇨🇳 121.196.157.119

🇸🇪 104.23.223.12

🇺🇸 66.132.186.229

🇨🇳 60.214.154.254

🇺🇸 44.180.200.71

🇨🇳 36.133.36.177

🇬🇧 35.203.210.109

🇮🇷 31.14.84.23

🇩🇪 192.109.200.78

🇩🇪 172.217.33.149

🇺🇸 135.237.127.94